Cross-Site Scripting Vulnerability in My WP Customize Plugin
CVE-2024-55864

4.8 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 17 December 2024

What is CVE-2024-55864?

A cross-site scripting (XSS) vulnerability has been identified in the My WP Customize Admin/Frontend plugin for WordPress, affecting all versions prior to 1.24.1. It allows a malicious administrative user to inject scripts while customizing the admin page. The injected scripts then run in the browsers of other users who access the customized page, which can compromise their data and sessions. Website administrators using affected versions are strongly advised to update to version 1.24.1 or later to mitigate this risk.

Affected Version(s)

My WP Customize Admin/Frontend prior to ver 1.24.1

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
